DNSSEC Via a New Stub Resolver

Allison Mankin, Director of Verisign Labs, Neel Goyal and Glen Wiley, Sr. Engineers at Verisign and WIllem Toorop, an engineer at NLNet Labs will give a joint presentation. Many developers don’t realize how much they rely on the DNS and how important some of the modern improvements to the DNS are to building reliable and secure applications. We first take a few minutes to explain how the DNS works from an application’s perspective and provide context by explaining the most essential uses of DNSSEC. The need for a more modern interface to the DNS (beyond the libc entry points) is obvious, however so far there isn’t a commonly accepted standard. We explore the origins of the independently commissioned specification documented as the getDNS API and then dig into the most important features of the specification. The balance of the talk covers the Open Source implementation of that specification whose first public release is scheduled for February 25, 2014. The core team is comprised of developers at Verisign and NLNet Labs and is spread from Alaska to the mid-Atlantic US to the Netherlands. Our team has leveraged some simple tools to make collaboration effective and we will share our techniques for managing geographic diversity. We spend some time to explore how we chose the BSD license for the project and how we are leveraging hackathons and other means of gaining feedback from developers outside the team as we build the implementation.

People planning to attend this session also want to see:

Allison Mankin

Verisign, Inc.

Allison is the Director of Verisign Labs, a research organization focusing on long-term evolution of the
Internet infrastructure and on open standards-based prototyping. She has been active in Internet engineering
and research for over 25 years, including having served at the Internet Engineering Task Force as an area
director for 10 of those years. She is best known having co-led the IPng Selection Process at IETF (long ago).
Past open source projects include open internet conferencing, multicast and IPv6. Her research and RFCs have been primarily in the areas of TCP and DNS and their security.

Willem Toorop

NLNet Labs

Willem is a developer at NLnet Labs, a not-for-profit foundation dedicated to the development of open-source implementations of open standards. At NLnet Labs Willem is the lead developer of the C DNS utility library: ldns. Willem has implemented leading edge DNS functionality for ldns based on new open standards such as DNSSEC and DANE. Our getdns-api implementation utilizes ldns for processing DNS data. Another of NLnet Labs C-libraries, libunbound, is used for DNS resolving. Besides working on ldns Willem also maintains and develops the perl Net::DNS and Net::DNS::SEC modules and actively researches Path MTU black holes that hamper DNSSEC deployment.

Neel Goyal

Verisign, Inc.

Neel is a R&D developer at Verisign with over ten years of experience. He
has worked on a variety of initiatives for Verisign ranging from domain related tools, API specifications, and routing protocol implementations. He also serves as a member on Verisign¹s Open Source Committee. Prior to Verisign, Neel worked at a startup developing consumer software for embedded devices and PCs.

Glen Wiley

Verisign, Inc.

Glen spent seven years serving as the systems architect for the DNS resolution platforms for the largest domain in the world (.COM and two of the Internet root servers). He currently works in an R&D group at Verisign where he contributes to Internet standards and builds proof of concepts exploring new products and technologies. After more than 25 years in the industry Glen brings a rich blend of history and hands on experience to the talk.